[Cosmo-dev] current-user-privilege-set and tickets
lisa at osafoundation.org
Wed Aug 23 14:34:11 PDT 2006
On Aug 22, 2006, at 2:27 PM, Brian Moseley wrote:
> On 8/22/06, Jeffrey Harris <jeffrey at osafoundation.org> wrote:
>> My feeling is that clients will only log in with one set of
>> username or a ticket, and they just want to know what they can do
>> on the
>> server. They don't care how they gained privileges.
> that may be true for some clients, but i doubt it will be true for
What do you see as a different use case? Why would a user want to
know if they have write permission and care whether they've obtained
it via a ticket or ACL?
The client cases I can imagine this for are:
- Verifying likely success before attempting a large PUT
- Ability to grey out or enable GUI affordances like a "move" button
and "delete" button
- Ability to make fields editable or not appropriately
All of these are better served by having a summary of "what can I do
>> If I understand Brian correctly, he feels that tickets and user
>> authentication are quite different and should not be conflated.
> right. i suggested that we could support a (non-standard)
> current-ticket-privilege-set. this would not break the abstractions of
> cosmo's security model or confuse the modularity of the code.
> note that you shouldn't merge the results of user or ticket privilege
> queries. if the request carries user credentials, and that user has
> created several tickets on the resource, then all of those ticket
> infos will be reported in the ticketdiscovery property, even if they
> have nothing to do with the request's authentication state. this is
> another argument for having a current-ticket-privilege-set property.
I don't follow the argument. I agree ACL queries are one thing, and
ticket queries are another, but CUPS basically asks "What can I do on
this resource right now?" and thus the answer can ignore those
tickets that aren't relevant to the permissions that would be applied
to this user/session/request. Perhaps CUPS would have been better
named "Current context privilege set" or just "current privilege
set"; if it were would you feel the same way about it?
More information about the cosmo-dev